Question 1

Which technique involves assessing potential threats through analyzing attacker capabilities, motivations, and potential targets?

Options :

A : Threat modeling

B : Vulnerability assessment

C : Incident response

D : Risk assessment

Answer: A

Question 2

Which of the following is not a common technology found with cloud data storage?

Options :

A : Index-based storage

B : Application/platform

C : Database

D : Object storage

E : Volume-based storage

Answer: A

Question 3

CCM: A hypothetical company called: “Health4Sure” is located in the United States and provides cloud based

services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry

standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so

that they will be able to present this document to potential clients.

Which of the following approach would be most suitable to assess the overall security posture of Health4Sure’s

cloud service?

Options :

A :

The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM

controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess

the remaining controls. This approach will save time.

B :

The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the

CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then

assess the remaining controls thoroughly. This approach saves time while being able to assess the

company’s overall security posture in an efficient manner.

C :

The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the

security posture of their cloud service against each and every control in the CCM. This approach will allow a

thorough assessment of the security posture.

Answer: C

Question 4

What is often the biggest challenge in the infostructure layer of a cloud solution when it comes to a BC design?

Options :

A : The proper configuration of stateful firewalls to protect data

B : The safe storage of encryption keying information

C : The synchronization of data between various locations

D : The need for additional bandwidth between sites during an event

Answer: C

Question 5

What are the three valid options for protecting data as it moves to and within the cloud?

Options :

A : Client/Application Encryption, Link/Network Encryption, Proxy-Based Encryption

B : Client/Application Encryption, Link/Network Encryption, Hypervisor Encryption

C : Client/Application Bundling, Link/Network Bundling, Proxy-Based Bundling

D : Password Encryption, Link/Network Encryption, Proxy-Based Encryption

E : Client/Application Encryption, Cloud Encoding, Proxy-Based Encryption

Answer: D

Smartly Prepare Exam with Free Online CCSK Practice Test

Buying Options: